Overview, Overview 2 – Allied Telesis AT-8100 Series User Manual

Chapter 71: 802.1x Port-based Network Access Control

Overview

This chapter explains 802.1x port-based network access control. This port
security feature lets you control who can send traffic through and receive
traffic from the individual switch ports. The switch does not allow an end
node to send or receive traffic through a port until the user of the node has
been authenticated by a RADIUS server.

This feature is used to prevent unauthorized individuals from connecting a
computer to a switch port or using an unattended workstation to access
your network resources. Only those users designated as valid network
users on a RADIUS server are permitted to use the switch to access the
network.

This port security method uses the RADIUS authentication protocol. The
management software of the switch includes RADIUS client software. If
you have already read Chapter 96, “RADIUS and TACACS+ Clients” on
page 1479, then you know that you can also use the RADIUS client
software on the switch, along with a RADIUS server on your network, to
create new remote manager accounts.

Note

RADIUS with Extensible Authentication Protocol (EAP) extensions
is the only supported authentication protocol for 802.1x port-based
network access control. This feature is not supported with the
TACACS+ authentication protocol.

Here are several terms to keep in mind when using this feature.

Supplicant - A supplicant is an end user or end node that wants to
access the network through a switch port. A supplicant may also
be referred to as a client.

Authenticator - The authenticator is a port that prohibits network
access until a supplicant has logged on and been validated by the
RADIUS server.

Authentication server - The authentication server is the network
device that has the RADIUS server software. This is the device
that does the actual authenticating of the supplicants.

The switch does not authenticate any supplicants connected to its ports.
Its function is to act as an intermediary between the supplicants and the
authentication server during the authentication process.
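
The intermediary role described above, sketched as an added example (not code from this manual or from the switch firmware): the authenticator takes the supplicant's EAP message out of an EAPOL frame, wraps it in a RADIUS Access-Request, and opens the port only when a verified Access-Accept comes back. Function names, the sample frame and the shared secret are constructed for illustration; the numeric codes are the standard EAP and RADIUS values.

```python
import hashlib, hmac, os, struct

EAPOL_EAP_PACKET = 0                      # EAPOL packet type that carries EAP
EAP_RESPONSE, EAP_TYPE_IDENTITY = 2, 1
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2      # RADIUS codes
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80  # RADIUS attributes

def eap_from_eapol(body: bytes) -> bytes:
    """Extract the EAP message from an EAPOL body (bytes after the Ethernet header)."""
    _version, ptype, length = struct.unpack("!BBH", body[:4])
    if ptype != EAPOL_EAP_PACKET or len(body) < 4 + length:
        raise ValueError("not a complete EAPOL EAP-Packet")
    return body[4:4 + length]

def eap_identity(eap: bytes) -> str:
    """Return the identity string from an EAP-Response/Identity."""
    code, _ident, length, etype = struct.unpack("!BBHB", eap[:5])
    if code != EAP_RESPONSE or etype != EAP_TYPE_IDENTITY:
        raise ValueError("not an EAP-Response/Identity")
    return eap[5:length].decode()

def attr(kind: int, value: bytes) -> bytes:
    return bytes([kind, len(value) + 2]) + value   # raises if value > 253 bytes

def build_access_request(user: str, eap: bytes, secret: bytes, pkt_id: int) -> bytes:
    """Relay step: wrap the supplicant's EAP message in a RADIUS Access-Request."""
    attrs = attr(USER_NAME, user.encode())
    for i in range(0, len(eap), 253):              # split long EAP across attributes
        attrs += attr(EAP_MESSAGE, eap[i:i + 253])
    attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))  # zero-filled while computing HMAC
    head = struct.pack("!BBH", ACCESS_REQUEST, pkt_id, 20 + len(attrs)) + os.urandom(16)
    mac = hmac.new(secret, head + attrs, hashlib.md5).digest()
    return head + attrs[:-16] + mac

def port_authorized(reply: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Open the port only for an Access-Accept whose Response Authenticator verifies."""
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20]) and reply[0] == ACCESS_ACCEPT

# Constructed sample: EAPOL body carrying EAP-Response/Identity for "alice".
SAMPLE_EAP = struct.pack("!BBHB", EAP_RESPONSE, 7, 10, EAP_TYPE_IDENTITY) + b"alice"
SAMPLE_EAPOL = struct.pack("!BBH", 1, EAPOL_EAP_PACKET, len(SAMPLE_EAP)) + SAMPLE_EAP

if __name__ == "__main__":
    eap = eap_from_eapol(SAMPLE_EAPOL)
    req = build_access_request(eap_identity(eap), eap, b"constructed-secret", 1)
    print(len(req), "byte Access-Request for", eap_identity(eap))
```

The check in `port_authorized` is why the shared secret between switch and RADIUS server matters: a reply that does not verify against it leaves the port closed, whatever code it carries.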